Nameserver Problem [more]
Bob Goodwin - W2BOD
bobgoodwin at wildblue.net
Mon Apr 2 20:46:12 UTC 2007
Tim wrote:
> On Sun, 2007-04-01 at 17:58 -0400, Bob Goodwin - W2BOD wrote:
>
>> The next question is how to insert the zone files into lan.conf?
>>
>> does
>>
>> zone "lan.example.com" {
>>         type slave;
>>         file "slaves/lan.example.com.zone";
>>         masters { 192.168.1.2; };
>> };
>>
>> become:
>>
>> zone "tacoda.net" {
>>         type slave;
>>         file "slaves/tacoda.net.zone";
>>         masters { 192.168.1.2; };
>> };
>>
>
> That's the general idea, though now I think I've muddied the waters with
> that prior message and yours. Back then, I was talking about setting up
> slave zones on a slave server, and the thread digressed. In that case,
> each zone was set up like you've typed above, each with their own DNS
> zone record files.
>
> The advert blocking was done with a series of master zone
> configurations, like this:
>
> zone "adimages.com" { type master; file "dead.zone"; };
> zone "admonitor.com" { type master; file "dead.zone"; };
>
> Where they *all* reference the same "dead.zone" DNS zone record file.
>
> Anyway, to try and answer everything in one go regarding blocking of
> annoyances on some websites, I'll post a series of files below. But
> I'll change one thing: I'll use blocking.conf instead of lan.conf.
> Then I can use lan.conf file for configuring local machine addresses
> (which could be masters or slaves, depending on what you're doing), and
> a separate blocking.conf file just for that purpose. It might make
> explanations simpler.
>
> My custom /var/named/chroot/etc/named.conf file:
>
> ---------------[begin example]------------------
> ## LAN:
>
> view lan_resolver {
>         match-clients { localhost; };
>         match-destinations { localhost; };
>         include "/etc/blocking.conf";
>         include "/etc/rndc.key";
> };
>
> include "/etc/named.caching-nameserver.conf";
> ----------------[end example]-------------------
>
> This is a simple default file, that's easy to replace should it get
> borked by a BIND update. The named.conf file will be loaded by default
> by BIND, and this one refers to the named.caching-nameserver.conf file
> so that function still works, and without altering the supplied conf
> file. It includes any other custom files that I want to use, in this
> case the blocking.conf file. I'd include a lan.conf file, too, in that
> view section, if I was also using it to resolve local addresses (instead
> of the hosts file, which is inadequate for certain services).
>
> NB: It'd be a bit less painful without having to use "views", but since
> the caching nameserver configuration file does, you're forced into
> working the same way.
>
> My custom /var/named/chroot/etc/blocking.conf file:
>
> ---------------[begin example]------------------
> ## advert blocking:
>
> zone "adimages.com" { type master; file "dead.zone"; };
> zone "admonitor.com" { type master; file "dead.zone"; };
> zone "adsfac.net" { type master; file "dead.zone"; };
> ----------------[end example]-------------------
>
> That file's a list of any domain that I want to kill off. Just add more
> of the same below, as needed. Only use the domain name, it'll kill it
> and any sub-domains in one go.
>
> i.e. Using example.com will kill off it and www.example.com and
> news.example.com and so on... But if I'd put in www.example.com, then
> example.com would be left alone, and it'd be www.example.com and further
> subdomains of www.example.com that got blocked (e.g. it'd block ones
> like now.www.example.com and then.www.example.com, etc.).
>
> My custom /var/named/chroot/var/named/dead.zone file:
>
> ---------------[begin example]------------------
> $TTL 86400
> @       IN SOA  ns.localdomain. hostmaster.mail.localdomain. (
>                 200     ; serial
>                 28800   ; refresh
>                 7200    ; retry
>                 604800  ; expire
>                 86400   ; ttl
>                 )
>
>
>         IN NS   ns.localdomain.
> ----------------[end example]-------------------
>
> That causes all blocked domains to get a null answer, straight away.
>
>
>> Then the problem becomes harvesting the addresses. Is there a way
>> to get them other than reading them as they flash across the bottom of
>> the screen in Firefox?
>>
>
> The ones I used were the ones that frequently annoyed me. I never tried
> to kill off *all* adverts, that's an endless game. I just picked on
> ones that kept on being a pain (e.g. flash or pop-up adverts, and ones
> that took ages to load and held everything else back while they did, on
> websites that I regularly used), I've only got about twenty of them on
> my list. Any website that acts in such inconsiderate ways towards their
> viewers deserves the punishment of lost revenue.
>
Eureka! It works, once I figured out that I had to do 'service named
restart' each time I made a change, added an address to be blocked.
The blocked list still needs refinement but I am very happy with the result.
Thanks Tim.
Bob Goodwin
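
An added example, not part of the original messages: one way to generate the blocking.conf shown above from a plain list of domains, rejecting malformed names and dropping sub-domains that a listed parent domain already covers. The function names and the sample list are constructed for illustration; only the zone statement format and the "dead.zone" file name come from the thread.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def normalize(name):
    """Lower-case a domain, drop a trailing dot, and return None unless it is
    a plain multi-label hostname, so quotes, braces, semicolons or newlines
    from an untrusted list never reach named's configuration."""
    name = name.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        return None
    return name if all(LABEL.fullmatch(l) for l in labels) else None

def collapse(domains):
    """Drop duplicates (a repeated zone statement is a configuration error)
    and names under an already listed parent (the parent zone answers for
    every sub-domain, so the extra entry is redundant)."""
    valid = {d for d in map(normalize, domains) if d}
    kept = []
    for d in sorted(valid, key=lambda s: s.count(".")):  # parents first
        labels = d.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels) - 1)}
        if not parents & set(kept):
            kept.append(d)
    return sorted(kept)

def render(domains, zone_file="dead.zone"):
    """Return the text of blocking.conf for the given domain list."""
    lines = ["## advert blocking:", ""]
    lines += ['zone "%s" { type master; file "%s"; };' % (d, zone_file)
              for d in collapse(domains)]
    return "\n".join(lines) + "\n"

# Constructed sample list: mixed case, a trailing dot, a duplicate, a
# sub-domain of a listed domain, a malformed entry and a single-label name.
SAMPLE = ["adimages.com", "AdMonitor.com.", "img.adimages.com",
          "adsfac.net", "adimages.com", 'bad"; };name.com', "localhost"]

if __name__ == "__main__":
    print(render(SAMPLE), end="")
```

Running `named-checkconf` on the resulting configuration before restarting named catches syntax errors.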